CME works with SMB but not with LDAP
Closed this issue · 5 comments
Describe the bug
I am using the latest version of crackmapexec. It works perfectly with smb, but using the same account/creds with ldap it fails.
Output
┌──(root💀kali)-[~/Desktop]
└─# crackmapexec ldap 192.168.194.153 -u lian.micky -p "Passw0rd" -M maq
SMB 192.168.194.153 445 DC [*] Windows 10.0 Build 20348 x64 (name:DC) (domain:bank.local) (signing:True) (SMBv1:False)
LDAP 192.168.194.153 445 DC [-] bank.local\lian.micky:Passw0rd Error connecting to the domain, are you sure LDAP service is running on the target ?
┌──(root💀kali)-[~/Desktop]
└─# crackmapexec smb 192.168.194.153 -u lian.micky -p "Passw0rd"
SMB 192.168.194.153 445 DC [*] Windows 10.0 Build 20348 x64 (name:DC) (domain:bank.local) (signing:True) (SMBv1:False)
SMB 192.168.194.153 445 DC [+] bank.local\lian.micky:Passw0rd
Crackmapexec info
- OS: kali
- Version of CME: 5.4.0
- Installed from apt
Make sure you can resolve the domain name.
Best option: add the domain name to your /etc/hosts file.
@mpgn hello,
Thanks for the response, I've added the domain FQDN to the hosts file and I am getting the same exact error.
I don't think it's related to name resolution, otherwise it would have impacted the smb module too not just the ldap.
Got any other suggestions? Is there a debug/verbose mode I can enable to get more details?
Yes, you can add the '--verbose' flag, for the debug log output. ('crackmapexec --verbose smb' and not at the end)
@NeffIsBack thanks for the help. Here's the LDAP command with the verbose option:
└─# crackmapexec --verbose ldap 192.168.194.156 -u lian.micky -p "Passw0rd" -M maq
DEBUG:root:Passed args:
{'admin_count': False,
'aesKey': None,
'asreproast': None,
'connectback_host': None,
'continue_on_success': False,
'cred_id': [],
'darrell': False,
'domain': None,
'export': None,
'fail_limit': None,
'get_sid': False,
'gfail_limit': None,
'gmsa': False,
'groups': False,
'hash': [],
'jitter': None,
'kdcHost': None,
'kerberoasting': None,
'kerberos': False,
'list_modules': False,
'local_auth': False,
'module': 'maq',
'module_options': [],
'no_bruteforce': False,
'no_smb': False,
'password': ['Passw0rd'],
'password_not_required': False,
'port': 389,
'protocol': 'ldap',
'server': 'https',
'server_host': '0.0.0.0',
'server_port': None,
'show_module_options': False,
'target': ['192.168.194.156'],
'threads': 100,
'timeout': None,
'trusted_for_delegation': False,
'ufail_limit': None,
'use_kcache': False,
'username': ['lian.micky'],
'users': False,
'verbose': True}
DEBUG Passed args:
{'admin_count': False,
'aesKey': None,
'asreproast': None,
'connectback_host': None,
'continue_on_success': False,
'cred_id': [],
'darrell': False,
'domain': None,
'export': None,
'fail_limit': None,
'get_sid': False,
'gfail_limit': None,
'gmsa': False,
'groups': False,
'hash': [],
'jitter': None,
'kdcHost': None,
'kerberoasting': None,
'kerberos': False,
'list_modules': False,
'local_auth': False,
'module': 'maq',
'module_options': [],
'no_bruteforce': False,
'no_smb': False,
'password': ['Passw0rd'],
'password_not_required': False,
'port': 389,
'protocol': 'ldap',
'server': 'https',
'server_host': '0.0.0.0',
'server_port': None,
'show_module_options': False,
'target': ['192.168.194.156'],
'threads': 100,
'timeout': None,
'trusted_for_delegation': False,
'ufail_limit': None,
'use_kcache': False,
'username': ['lian.micky'],
'users': False,
'verbose': True}
DEBUG:asyncio:Using selector: EpollSelector
DEBUG Using selector: EpollSelector
DEBUG:root:Running
DEBUG Running
DEBUG:root:Started thread poller
DEBUG Started thread poller
DEBUG:root:Error creating SMBv1 connection to 192.168.194.156: Error occurs while reading from remote(104)
DEBUG Error creating SMBv1 connection to 192.168.194.156: Error occurs while reading from remote(104)
DEBUG:impacket:Connecting to 192.168.194.156, port 389, SSL False
DEBUG Connecting to 192.168.194.156, port 389, SSL False
DEBUG:root:Error creating SMBv1 connection to 192.168.194.156: Error occurs while reading from remote(104)
DEBUG Error creating SMBv1 connection to 192.168.194.156: Error occurs while reading from remote(104)
SMB 192.168.194.156 445 DC [*] Windows 10.0 Build 20348 x64 (name:DC) (domain:bank.local) (signing:True) (SMBv1:False)
DEBUG:impacket:Connecting to DC.bank.local, port 389, SSL False
DEBUG Connecting to DC.bank.local, port 389, SSL False
LDAP 192.168.194.156 445 DC [-] bank.local\lian.micky:Passw0rd Error connecting to the domain, are you sure LDAP service is running on the target ?
DEBUG:root:Stopped thread poller
DEBUG Stopped thread poller
@init5-SF What's your /etc/resolv.conf? I have this problem if I'm connected to a VPN or something that is inserting nameservers above the one for my lab, which could be the same issue here.
When I disconnect, it connects via LDAP fine. Also the module is "MAQ" (all capitals), not sure if that matters.
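Added example (not part of the original thread and not CrackMapExec code): the debug log shows the LDAP connection being made to `DC.bank.local` rather than to the IP, so that name has to resolve to the target from the scanning host. The sketch below checks the two things suggested in the comments, the hosts file entry and the nameserver order in `/etc/resolv.conf`. The function names, the sample file contents, the VPN resolver `10.8.0.1`, and the choice of the DC as lab DNS server are assumptions made for illustration.

```python
import socket

def parse_hosts(text):
    """Map each lowercase name in hosts-file text to its first listed IP."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def parse_nameservers(text):
    """Return nameserver IPs from resolv.conf text, in lookup order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def diagnose(fqdn, target_ip, hosts_text, resolv_text, lab_dns):
    """List reasons why fqdn may not resolve to target_ip on this machine."""
    findings = []
    pinned = parse_hosts(hosts_text).get(fqdn.lower())
    if pinned == target_ip:
        return findings  # assumes the hosts file is consulted before DNS
    if pinned is not None:
        findings.append(f"hosts file maps {fqdn} to {pinned}, not {target_ip}")
    servers = parse_nameservers(resolv_text)
    if lab_dns not in servers:
        findings.append(f"lab DNS {lab_dns} is not in resolv.conf")
    elif servers[0] != lab_dns:
        findings.append(f"{servers[0]} is queried before lab DNS {lab_dns}")
    return findings

def live_check(fqdn, port=389, timeout=3):
    """Resolve fqdn and attempt a TCP connect; needs network access."""
    ip = socket.gethostbyname(fqdn)
    with socket.create_connection((ip, port), timeout=timeout):
        return ip

# Constructed sample files (not from the issue): a VPN pushed its resolver first.
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.168.194.153 dc.bank.local  # stale entry\n"
SAMPLE_RESOLV = "nameserver 10.8.0.1\nnameserver 192.168.194.156\n"

if __name__ == "__main__":
    for finding in diagnose("DC.bank.local", "192.168.194.156",
                            SAMPLE_HOSTS, SAMPLE_RESOLV, "192.168.194.156"):
        print("[!]", finding)
```

On a real host, pass the contents of `/etc/hosts` and `/etc/resolv.conf` to `diagnose`, then call `live_check` to confirm that the name resolves and TCP 389 accepts a connection.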